A senior CIA analyst has disclosed that hackers have targeted electrical utilities, threatening them with extortion before affecting multiple power outages across cities outside the US.
Addressing utility engineers at a trade conference, Tom Donahue said that the US government believes that inside knowledge played a significant part in the hacker's attempts. No details of the outages or the affected countries were revealed, but the attacks were confirmed as Internet-based.
To counter such cyber intrusions, the Bush administration has implemented various policies and legislations.
On January 17, the The Federal Energy Regulatory Commission (FERC) today approved eight new mandatory critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential disruptions from cyber security breaches.
These reliability standards were developed by the North American Electric Reliability Corporation (NERC), which FERC has designated as the electric reliability organization (ERO). "Today we achieve a milestone by adopting the first mandatory and enforceable reliability standards that address cyber security concerns on the bulk power system in the US, FERC Chairman Joseph T. Kelliher said. "The electric industry now can move on to the implementation of the standards in conjunction with improvement of these standards in order to increase the security and reliability of the bulk power system.
The mandatory reliability standards require certain users, owners and operators of the bulk power system to establish policies, plans and procedures to safeguard physical and electronic access to control systems, to train personnel on security matters, to report security incidents, and to be prepared to recover from a cyber incident. The eight CIP reliability standards address the following topics:
Critical Cyber Asset Identification;
Security Management Controls;
Personnel and Training;
Electronic Security Perimeters;
Physical Security of Critical Cyber Assets;
Systems Security Management;
Incident Reporting and Response Planning;
and Recovery Plans for Critical Cyber Assets.
Datacenter owners and operators have long been aware of the threat posed by the hacker community, with the propensity for more sustained and intricate DoS and zombie attacks on the rise. With power and security of supply constant concerns, targeting electrical generators highlights yet another area for the datacenter industry to protect itself from.